Confirmation of Payee/Payer API

Confirmation of Payee/Payer is a name checking service for UK-based payments. The aim of the service is to reduce certain types of fraud as well as misdirected payments. Today, volumes of Confirmation of Payee/Payer requests are averaging more than one million per day.

PayPoint has worked with Pay.UK and partners to introduce an API which allows both Single real time CoP searches and Batched CoP lookup jobs both for integration into client systems.

Detailed explanation of CoP Service

Before the service was implemented a client would provide their PSP with all their customers details, including their bank sort code and account number together with the name of the person or organisation they were intending to pay or receive payment from. The sort code and account number were then used to route the payment in accordance with the instructions given, however, there was no facility for the client to check and confirm the name on the account before making a payment to the customer or setting up a payment instruction to receive a payment from the customer.

Confirmation of Payee/Payer Name Verification is a way of giving clients greater assurance that payments are being routed to and from the intended customer and therefore are not being accidentally or deliberately misdirected.

CoP Process Flow

Useful CoP Service Information 

To make a payment to a personal bank account, you will need the exact name registered to the account when making a payment, as well as the sort code and account number. You will also need to verify the exact name registered to the account when you are setting up a payment instruction to receive a payment from the customer.

If it is a joint account, a customer will only need to provide one of the names registered to the account, however customers may choose to provide both names. The order that a name appears on a joint account will not affect the matching response. To validate the account holder name for a business account, you will need the registered business name or a trading name register to the account.

The name matching result will be determined solely by the bank or building society of the account holder as they have access to information related to the account holder.

A customer can request to opt out of Confirmation of Payee/Payer Name Verification with their bank and as such the CoP service will not return a positive or negative response.

BACK TO TOP   ⇧

API Details

For details on how to make a Confirmation of Payee/Payer API request, please refer to the detailed   API Documentation

BACK TO TOP   ⇧

FAQS

What are the difference between singleton versus batch requests?

Singleton requests are synchronous.

For the live service, you should typically expect to get a response in around 1 second (this is largely dependent on how fast the responding participant is).  We have to follow CoP scheme rules for timeouts.  This requires us to wait 3 seconds and then re-attempt the check if we have had no response (waiting another 3 seconds).  This means our timeout is over 7 seconds.  Depending on your use-case, you may want to set a faster timeout rather than waiting for our service.

Batch requests require you to poll for a response.  

We serialise each check in the batch as individual requests.  Results are returned in a batch rather than streamed and we require you to poll the batch results endpoint.  The response will be available once we have results for each of the checks in the batch.

What are the Rate limits?

Sandbox

The sandbox connects to the live CoP network, but is rate limited to:

  • 10 requests per 60 seconds

  • 100 requests per day

This rate is set by x-api-key.  If you have several people accessing the sandbox, it will be the total of their activity that contributes to the limits.  If you require more than this for specific testing, let me know and we can temporarily increase the limits for you.

You may at times receive slower responses in the sandbox than in production because the sandbox service is not scaled for production throughput.  It may also exhibit a start-up latency if it has not been used for some time. 

Production

Our aim is to provide you with the highest throughput possible without triggering timeouts or ‘too many request’ responses from responding participants.  We currently limit each client to 10 TPS for single requests.  There is no rate limit for submitting batch requests, but we serialise each batch at 20 TPS. There is a limit for batch uploads of 2.7mb (approx. 10000 Accounts)

How can we do automated testing?

The sandbox returns live results, as we felt this was the best way to allow you to explore different ‘real world’ responses.  The data returned is classed as personal data, so you may wish to consider how it is handled for your GDPR compliance.

For automated testing, we have provided a list of dummy bank accounts under sort-code 00-00-00, which cover the full set of possible response codes.  These are listed below at: Test Bank Account & Response

How does name matching work?

Name matching is done by the responding bank, not by us.  There are scheme rules for how matching works, but the banks have some discretion over whether to provide a full match or a close match response, so expect to see slightly different behaviour across participants.

There are several pages of name matching rules, but for a single-name personal account, the key matching rules are: 

A CoP responder  cannot return a 'no match' when:

  • the first name and family name are transposed in the request but otherwise match

  • the family name matches and there is a match for a preferred first name held on the account, such a common contraction (Rajesh/Raj, William/Bill, Elizabeth/Beth/Liz/Lizzie, ....)

  • the first name contains a single spelling mistake, but the name otherwise matches

  • the family name contains a single spelling mistake, but the name otherwise matches

A CoP responder  cannot  return a full match response unless the following are true:

  • the family name is an exact  match, and the first character of the first name is correct

Most responders will require more than the first initial + family name for a full match. 

We have seen some responders provide a full match response when there is a single character spelling mistake in the family name, although the rule above says not to.

BACK TO TOP   ⇧

Test Bank Account Details & Responses

The following table describes the possible response reasons for CoP searches. Using the dummy Sort Code 00-00-00 we will provide the following dummy responses, if you use valid Sort Codes the service will check against Live banks accounts and exhibit full end to end behaviour .